2e4b851d6e2f1a72465b2f0f15953c9a8831ab361117d4912808fc219907af2d

Sharing

Copy URL Twitter E-mail

General

Target

2e4b851d6e2f1a72465b2f0f15953c9a8831ab361117d4912808fc219907af2d
Size

880KB
MD5

6cef28e01fc6119cf77d06386e824d79
SHA1

821ebd5841dc46381b2ff854218d7ca30a87cfb4
SHA256

2e4b851d6e2f1a72465b2f0f15953c9a8831ab361117d4912808fc219907af2d
SHA512

09b09fbe2919d2673ef5b060217cbc025640cbec2010e4e8f7131a9aa0f391d0b7f8f630561d6bc5bd0fb62a51115293699c0bf8d87cec64df895aafa00fd6cf
SSDEEP

12288:MAkBjlbMJqHdIFSDw8eRPLcB1LSUAwkTL2/VlValyA55XFG:MAUlbCoDjeBLI1LSRMV/alyqc

Score

N/A

Malware Config

Signatures

Files

2e4b851d6e2f1a72465b2f0f15953c9a8831ab361117d4912808fc219907af2d
.exe windows x86

7be475de1ecc5d76f0611924cff5dcb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??_V@YAXPAX@Z
memmove
_fileno
_iob
_isatty
_write
__pioinfo
__badioinfo
_lseeki64
_itoa
_snprintf
isleadbyte
__mb_cur_max
mbtowc
__set_app_type
_initterm
_cexit
_CIpow
_ftol
_CIsqrt
wcschr
realloc
_onexit
towlower
_vsnwprintf
_vscwprintf
_time64
_wputenv
??2@YAPAXI@Z
free
_purecall
malloc
calloc
??_U@YAPAXI@Z
memset
_CxxThrowException
towupper
memcpy
wcstoul
_wcstoui64
_wcslwr
wcsncmp
_wcsnicmp
wcstol
iswdigit
wcsstr
_wcsicmp
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_errno
__CxxFrameHandler
_stricmp
strncmp
_ultoa
_strlwr
_wtol
bsearch

advapi32

StartServiceW
ChangeServiceConfigW
ReportEventW
DeregisterEventSource
ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegEnumKeyExW
SetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
AddAce
CopySid
GetAce
RegQueryInfoKeyW
LookupAccountNameW
ConvertSidToStringSidW
LookupAccountSidW
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
IsValidSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
EqualSid
CheckTokenMembership
GetSecurityInfo
SetSecurityInfo
GetNamedSecurityInfoW
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
TraceEvent
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegOpenKeyExW
QueryServiceStatusEx
ControlService
SetServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
RegisterEventSourceW

kernel32

MapViewOfFile
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
DuplicateHandle
ReadFile
GetFileSize
FreeLibraryAndExitThread
FindClose
FindNextFileW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
lstrlenW
InterlockedIncrement
InterlockedDecrement
SetEvent
OpenEventW
FindFirstFileW
GetLastError
GetTickCount
Sleep
WaitForSingleObject
SetLastError
CreateEventW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
LocalFree
SetThreadExecutionState
InterlockedExchange
DeleteTimerQueueEx
DeleteTimerQueueTimer
CreateTimerQueue
CreateTimerQueueTimer
ChangeTimerQueueTimer
MultiByteToWideChar
WriteFile
CreateFileW
CompareStringA
MulDiv
GetLongPathNameW
GetFullPathNameW
GetFileAttributesW
LocalAlloc
RemoveDirectoryW
UnregisterWaitEx
InterlockedCompareExchange
DeleteFileW
RegisterWaitForSingleObject
QueueUserWorkItem
GetCurrentThread
GetCurrentProcess
FormatMessageW
CreateThread
GetSystemTime
GetStringTypeExW
DebugBreak
lstrcmpiW
GetComputerNameW
WideCharToMultiByte
lstrlenA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
OutputDebugStringA
RtlUnwind
GetStartupInfoW
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
ExpandEnvironmentStringsW
GetTempPathW
GetVersionExW
ResetEvent
CompareFileTime
GetFileAttributesExW
VirtualFree
VirtualAlloc
OpenFileMappingW
SetFilePointerEx
GetFileSizeEx
CreateDirectoryW
SystemTimeToFileTime
UnmapViewOfFile
LoadLibraryW
FreeLibrary
ExitProcess
WaitForMultipleObjects
GetCommandLineW
GetTempFileNameW
GlobalFree
FileTimeToDosDateTime
FileTimeToSystemTime
SetThreadPriority
GetThreadPriority
ReleaseMutex
CreateMutexW
CompareStringW
OpenMutexW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetFolderPathAndSubDirW

winhttp

WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpTimeFromSystemTime
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpQueryHeaders

user32

CharUpperBuffW
UnregisterClassA
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
PeekMessageW
CharUpperW
wvsprintfW

oleaut32

SafeArrayLock
SystemTimeToVariantTime
SafeArrayUnlock
SafeArrayPtrOfIndex
VariantTimeToSystemTime
VariantInit
CreateErrorInfo
SetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
VariantClear
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantChangeType

ole32

PropVariantClear
IIDFromString
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoUnmarshalInterface
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CoCreateInstance

authz

AuthzFreeResourceManager

wsock32

WSAGetLastError

iphlpapi

GetIpAddrTable
SendARP
GetAdaptersAddresses
GetBestInterfaceEx
NotifyAddrChange
CancelIPChangeNotify

secur32

GetUserNameExW

httpapi

HttpTerminate
HttpSetServiceConfiguration
HttpDeleteServiceConfiguration
HttpInitialize

ws2_32

getnameinfo
GetAddrInfoW
FreeAddrInfoW

shlwapi

StrCmpNW
ord437
PathAppendW
StrStrIW
PathFileExistsW
PathFindFileNameW

ntdll

_vsnprintf
ceil
strchr

mfplat

MFShutdown
MFStartup
MFInvokeCallback
MFCreateAsyncResult
CreatePropertyStore

userenv

UnregisterGPNotification
RegisterGPNotification

Sections

.text
Size: 678KB - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7be475de1ecc5d76f0611924cff5dcb6

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

shell32

winhttp

user32

oleaut32

ole32

authz

wsock32

iphlpapi

secur32

httpapi

ws2_32

shlwapi

ntdll

mfplat

userenv

Sections

.text Size: 678KB - Virtual size: 677KB

.data Size: 14KB - Virtual size: 20KB

.rsrc Size: 111KB - Virtual size: 110KB

.kdata Size: 76KB - Virtual size: 76KB

.text
Size: 678KB - Virtual size: 677KB

.data
Size: 14KB - Virtual size: 20KB

.rsrc
Size: 111KB - Virtual size: 110KB

.kdata
Size: 76KB - Virtual size: 76KB